#!/usr/bin/perl -w
# vim:tw=100 sw=2 expandtab ft=perl

return unless i_isa_fetchall("sudo");

my $text = <<EOF;
# sudoers file.
#
# This file is rebuilt by rollout, so any changes made locally will be lost
# next time rollout is run.

# Root can run anything as any other user
root   ALL=(ALL) ALL

Defaults syslog=auth

EOF

if (i_should("wheel_all")) {
  $text .= <<EOF;
# Allow people in group wheel to run all commands, but still require password
\%wheel ALL=(ALL) ALL

EOF
}

my %sudo;
my %input = flatten_hash(c("$hostname/sudo"));
while(my($username, $commands) = each(%input)) {
  next unless i_should($username);
  map { $sudo{$username}->{$_}++ } @$commands;
}

$text .= "$_ ALL = ". join(", ", keys %{$sudo{$_}}). "\n"
  foreach keys %sudo;

text_install(-file => "/etc/sudoers", -text => $text, -cmd => "visudo -c",
             -mode => 0440, -uid => 0, -gid => 0);

